We actively provide security updates for the following versions:

| Version | Supported |
|---|---|
| 5.3.x | ✅ |
| < 5.3.0 | ❌ |

This project aims for compliance with the German BSI Technical Guideline TR-03183 for Cyber Resilience.
- SBOM: A Software Bill of Materials in CycloneDX (Schema 1.6) format is generated for every release.
- Availability: You can find the `bom.json` as a release asset on GitHub or as a signed artifact on Maven Central.
- Integrity: All official SBOMs are GPG-signed to ensure software supply chain integrity.

We take the security of Jexxa Adapters seriously. If you believe you have found a security vulnerability, please help us fix it by reporting it responsibly.
Please do not report security vulnerabilities via public GitHub issues.
- Send an email to security@jexxa.io.
- Include a detailed description of the vulnerability, steps to reproduce, and the potential impact.
- We will acknowledge receipt of your report within 48 hours and provide a timeline for the fix.
- We will coordinate a fix and a public disclosure with you.
- We follow the principle of Coordinated Vulnerability Disclosure (CVD).
- We do not pursue legal action against researchers who act in good faith and follow this policy.
- To report a vulnerability: Please go to the Security tab of this repository and select "Report a vulnerability".
- Official Advisories: Once published, security advisories will be listed here.